ndnh
Legendary
Offline
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
|
|
April 05, 2015, 05:07:07 PM |
|
lol, came back online for another round and gone! Congratz to injust Can someone share the lvl5 answer? (leave lvl 6 in suspense ) piCube got first the hash... I decrypted to cryptoanarchist and Injust added the 333 =))) => Was a team work )It certainly says solved by Injust... Anyway, level 6 is pretty easy If I get that string it is over . I don't really get the lvl 5 part... Who cracked lvl 5? (I think Injust did that)
|
|
|
|
Injust
Legendary
Offline
Activity: 1008
Merit: 1000
|
|
April 05, 2015, 05:52:37 PM |
|
lol, came back online for another round and gone! Congratz to injust Can someone share the lvl5 answer? (leave lvl 6 in suspense ) piCube got first the hash... I decrypted to cryptoanarchist and Injust added the 333 =))) => Was a team work )It certainly says solved by Injust... Anyway, level 6 is pretty easy If I get that string it is over . I don't really get the lvl 5 part... Who cracked lvl 5? (I think Injust did that) Here's the entire backstory. I couldn't, for the life of me, get past level 4. I know, I'm dumb So when ca333 posted the "Only when you are from NSA, you can enter lvl6..." hint, I immediately thought of HTTP referers, even though I hadn't made it past level 4 yet. So I asked piCube to test it, setting the HTTP referer to NSA's website. And it worked. Because according to the HTTP referer, you're are going to the site "from" the NSA. So piCube practically gave me the answer for level 4, and while I was getting an extension to change HTTP referers, piCube posted the hash that you get in level 6. I put the hash through CrackStation, gave a partial match. I compared md5(cryptoanarchist) with the hash, found that the only thing different was the 333 at the end, so the answer was cryptoanarchist333.
|
|
|
|
ca333 (OP)
|
|
April 05, 2015, 05:55:03 PM |
|
lol, came back online for another round and gone! Congratz to injust Can someone share the lvl5 answer? (leave lvl 6 in suspense ) piCube got first the hash... I decrypted to cryptoanarchist and Injust added the 333 =))) => Was a team work )It certainly says solved by Injust... Anyway, level 6 is pretty easy If I get that string it is over . I don't really get the lvl 5 part... Who cracked lvl 5? (I think Injust did that) piCube and Injust noticed referer-manipulation and are ONLY who reach lvl6. Injust provided complete decrypted code first. biCube posted md5-hash in IRC first. But like old hackathons it only count who post the FULL solution. We (me and injust) gave advice to piCube so to not post hashs from the hackathon public before its not solved fully. Explaining Level 5: Level 5 check your HTTP-Header. the lvl5 look for your "HTTP-REFERER". this is php object from SERVER-Data array what your client send in the http-packet. So now my lvl5-site look for your referer information. In example when you look many otherside check your referer data for marketing, log, statistics, .... Also advertisin-company (web advertisement banners, links,...) check the referer.. Now you must "fake" the referer and write data into this element. Here its the URL of NSA-website. you can in example make this with "curl". This is a commandline tool you can write curl --referer http://www.thesiteyouCOMEFROM.com http://www.thesiteyouwantTHEDATAFRom.com/ now curl loads the data from http://www.thesiteyouwantTHEDATAFRom.com/ and when this site check the referer in your client information then it gets http://www.thesiteyouCOMEFROM.com. So the site think you COME FROM http://www.thesiteyouCOMEFROM.com. And in level5 the site let you then enter level 6 automatical. other option: you can also use browser-plugins for header-manipulation and modification. this exist for many web-browser. i.e. mozilla firefox, google chrome you can google and you find lot of web-debug addons. So you can change the http-referer also here.
|
this space is available (free) for humanitarian nonprofit organizations - please contact me
|
|
|
ndnh
Legendary
Offline
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
|
|
April 05, 2015, 06:26:53 PM |
|
piCube and Injust noticed referer-manipulation and are ONLY who reach lvl6. Injust provided complete decrypted code first. biCube posted md5-hash in IRC first. But like old hackathons it only count who post the FULL solution. We (me and injust) gave advice to piCube so to not post hashs from the hackathon public before its not solved fully. Explaining Level 5: Level 5 check your HTTP-Header. the lvl5 look for your "HTTP-REFERER". this is php object from SERVER-Data array what your client send in the http-packet. So now my lvl5-site look for your referer information. In example when you look many otherside check your referer data for marketing, log, statistics, .... Also advertisin-company (web advertisement banners, links,...) check the referer.. Now you must "fake" the referer and write data into this element. Here its the URL of NSA-website. you can in example make this with "curl". This is a commandline tool you can write curl --referer http://www.thesiteyouCOMEFROM.com http://www.thesiteyouwantTHEDATAFRom.com/ now curl loads the data from http://www.thesiteyouwantTHEDATAFRom.com/ and when this site check the referer in your client information then it gets http://www.thesiteyouCOMEFROM.com. So the site think you COME FROM http://www.thesiteyouCOMEFROM.com. And in level5 the site let you then enter level 6 automatical. other option: you can also use browser-plugins for header-manipulation and modification. this exist for many web-browser. i.e. mozilla firefox, google chrome you can google and you find lot of web-debug addons. So you can change the http-referer also here. Thanks I am looking for a chrome extension now.. I tried to read it up from stackoverflow. I understand the concept. Only don't know how to change it. Thanks for posting all that information.
|
|
|
|
ndnh
Legendary
Offline
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
|
|
April 05, 2015, 06:28:48 PM |
|
Here's the entire backstory. I couldn't, for the life of me, get past level 4. I know, I'm dumb So when ca333 posted the "Only when you are from NSA, you can enter lvl6..." hint, I immediately thought of HTTP referers, even though I hadn't made it past level 4 yet. So I asked piCube to test it, setting the HTTP referer to NSA's website. And it worked. Because according to the HTTP referer, you're are going to the site "from" the NSA. So piCube practically gave me the answer for level 4, and while I was getting an extension to change HTTP referers, piCube posted the hash that you get in level 6. I put the hash through CrackStation, gave a partial match. I compared md5(cryptoanarchist) with the hash, found that the only thing different was the 333 at the end, so the answer was cryptoanarchist333. lol, you lucky guy. Next time I get a hash I will keep it a secret.
|
|
|
|
Injust
Legendary
Offline
Activity: 1008
Merit: 1000
|
|
April 05, 2015, 10:22:00 PM |
|
I am adding another 5000MUE to the winner. Good Luck!
I have received the 5000 MUE from upgradeadvice. Thanks!
|
|
|
|
DougB62
|
|
April 06, 2015, 02:39:21 AM |
|
Wow! Glad everyone had fun - I somehow COMPLETELY forgot, and missed it all! lol!
|
|
|
|
Darkblock
Full Member
Offline
Activity: 124
Merit: 100
photo taken by ESSA-7 satelite. 1968
|
|
April 06, 2015, 10:28:23 AM |
|
Wow! Glad everyone had fun - I somehow COMPLETELY forgot, and missed it all! lol! same here. I even had a reminder on my phone but didn't manage to get up before it was solved. well, lets make sure we ll join the next one. seems a pretty funny challange. Congratz to the winner btw.
|
|
|
|
zen2
|
|
April 06, 2015, 11:24:18 AM |
|
gratulation for the winner! i was stuck in level 3 and when i solved it the hackathon is already hacked. but it was awesome! very nice. next time i try it again. maybe one day i reach last level.
|
|
|
|
jorgelugra
Member
Offline
Activity: 266
Merit: 10
|
|
April 08, 2015, 04:21:52 AM |
|
damn i have lost two hackatons since the last, i was absent , and i notice that injust its very advanced in this area congratulations man you rocks again!
|
|
|
|
DougB62
|
|
April 25, 2015, 01:43:11 AM |
|
Is there going to be any more of these upcoming, or have I missed something?
|
|
|
|
ca333 (OP)
|
|
April 26, 2015, 08:10:39 AM |
|
Is there going to be any more of these upcoming, or have I missed something?
no you have not missed it. more will come. i had a problem in RL so i am not able to do it. ( https://bitcointalk.org/index.php?topic=993678.msg11061995#msg11061995) the #4 hackathon is in preparation for the next days. thank you! ca333
|
this space is available (free) for humanitarian nonprofit organizations - please contact me
|
|
|
ndnh
Legendary
Offline
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
|
|
April 26, 2015, 08:16:12 AM |
|
Same issues here. Don't bother. Launch it after 3 weeks, or so, when I get more time.
|
|
|
|
DougB62
|
|
April 26, 2015, 02:02:11 PM |
|
Ah, I see. Speedy healing to you! Looking forward to it when you are able.
|
|
|
|
ca333 (OP)
|
|
April 28, 2015, 03:52:12 PM |
|
Same issues here. Don't bother. Launch it after 3 weeks, or so, when I get more time. prepare and make yourself ready for this weekend. Ah, I see. Speedy healing to you! Looking forward to it when you are able. thank you! i have finished it and will publish the hackathon the coming weekend. The countdown on the site is now accurate.
|
this space is available (free) for humanitarian nonprofit organizations - please contact me
|
|
|
DougB62
|
|
April 28, 2015, 04:33:12 PM |
|
thank you! i have finished it and will publish the hackathon the coming weekend. The countdown on the site is now accurate.
Great! Looking forward to it!
|
|
|
|
|